Open willc opened 7 years ago
Thanks! Assigned to dev team.
Curious about the progress on this.
We have released Geoportal Server 1.2.9 where we have addressed many of these issues. In this release we no longer use Struts, but have switched to Tiles.
Not sure if anyone looks at this, but multiple vulnerabilities due to outdated libraries turned up in some scans we did (dependency-check).
arcgis_ws_runtime.jar
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7232
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1661
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4278

axis.jar
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3596
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5784

batik.jar
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0250

commons-beanutils-1.8.0.jar
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114

commons-collections-3.2.jar
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6420

commons-fileupload-1.2.jar
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3092
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0248

commons-httpclient-3.1.jar
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5262
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3577
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153

jopenid-1.07.jar
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1652
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1651

standard-1.0.6.jar
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0254

struts-core-1.3.10.jar
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1182
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1181
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0899
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1007

struts-tiles-1.3.10.jar
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1182
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1181
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0899
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1007